Partnering for Chip to Cloud Security

The premise of IoT is to digitalize the physical world and unlock the benefits for your organization. The benefits range from operational efficiencies through to greater insights; potentially creating new lines of business and revenue.

If your organization is implementing an IoT solution you need to be reassured that you can trust the identity of the IoT devices. The identity of an IoT device is crucial so that the data can be trusted and relied upon, otherwise the data and insights could actually be distractions and the ‘innovative new lines of business’ might be a white elephant. So how can you be sure of the identity of an IoT device? One way is to have client-side certificates for your IoT devices, this provides the IoT device with an identity.

The IBM Watson IoT Platform has been named a leader in a recent Forrester Wave report. The IBM Watson IoT Platform has supported client-side certificates for a while. Providing a device identity through client-side certificates is a first step, and an acceptable starting point for many IoT solutions. However, there is still a risk of identity theft; an attacker might be able to get access to the device and steal its certificate. If you are implementing an IoT solution you should assess your risks and exposures according to your business. You should consider the potential impact of device identity theft to your brand and business and weigh it against the incremental costs to lower these risks.

If, based on your risk assessments, your IoT solution demands a higher-level of assurance in relation to IoT device identity, then it is possible to achieve this through hardware-based security at the device level by integrating Secure Elements. It is possible to achieve these higher levels of assurance through Secure Elements.

Secure Elements are microprocessors that provide a hardware based âvaultâ where sensitive information, such as the identity of the device (in this case a certificate), can be stored. The initial identity is baked into the Secure Element and can be incorporated into the IoT device at the point of manufacture. Through this solution you have a hardware-based root of trust for your chosen IoT devices.

If you have a requirement for Secure Elements in your IoT solution you might be intimidated by the challenge of having to configure each Secure Element â something that typically requires an investment in special secure hardware in your manufacturing facility. At IBM we have teamed up with NXP Semiconductors who have developed the A71CH âPlug & Trustâ Secure Element that is Ready for Watson IoT. These Secure Elements come pre-loaded with the certificates needed to connect to the IBM Watson IoT Platform. This helps you streamline your chip to cloud security and IoT device onboarding, allowing you to concentrate more on extracting the business value out of the insights that the IoT devices, and associated data, are providing to you.

NXP A71CH âPlug & Trustâ Secure Element

A breakthrough solution scalable for the Mass Market

NXP released a ready-to-use A71CH version that is âReady for IBM Watson IoTâ and provides a root of trust at the chip level, delivering proven chip-to-cloud security right out of the box. It allows devices to be securely connected to the IBM Watson IoT Platform without exposing private keys for the entire lifetime of the device.

The NXP A71CH âReady for IBM Watson IoTâ solution provides a secure identity to IoT devices to be used in combination with the IBM Watson IoT Platform. It prevents attackers from impersonating a device or giving it a new identity. The NXP A71CH comes pre-provisioned with x.509 certificates for IBM Watson IoT Platform and has keys injected at NXP secure certified facilities, removing the necessity for expensive public key infrastructure at IoT product manufacturing facilities. When embedded into devices, the chips have the necessary keys to establish a secure TLS connection with IBM Watson IoT, enabling seamless device-to-cloud connections. Thus, the IBM Watson IoT Platform together with IBM Cloud provides end-to-end secure communication starting from the secure identity delivered by NXPâs A71CH.

Collaboration with NXP brings secure, scalable device onboarding and authentication to enterprise and industrial connections. NXPâs A71CH IoT solution helps to reduce security concerns from IoT environments by delivering a âPlug & Trustâ experience to any connected device, making it easy to secure gateways and other edge devices.

Get started and build your product with NXPâs A71CH âReady for IBM Watson IoTâ:

Application note with detailed instructions how to implement the A71CH for secure connections to IBM Watson IoT